[Mono-dev] Remoting through HTTPS
yngve.zackrisson at mobila-kontoret.se
Wed Sep 7 05:15:06 EDT 2005
I am doing a remoting application
and have a Win32 Client with MS .NET v1.1
and a Linux (Fedora Core 3 x86) Server with Mono 126.96.36.199.
The different clients will call the remote objects' methods
on the server.
Among other things the clients will upload a file to the server.
I (now) only use "normal" calls to upload a file -
no "callbacks" any more.
The server will be located at our place.
The clients will be users of "services", running on our server.
The remote objects are currently hosted by a Console application,
but is planned to be hosted by a Windows service (on Linux / Mono :-)).
I have gotten this working with HTTP.
I now will try to do this with HTTPS (on port 443),
to get a secure tunnel between the client and the server.
We would like to use SSL with both encryption and authentication,
through x509 certificates.
The certificates should (preferably) be self-signed.
From my testing and reading I have found that:
1) My Win32 client uses Tls.
2) The Win32 client certificates should be:
a) Set in the ClientCertificates property of the HttpWebRequest.
b) The client certificate must be installed in
the LOCAL_MACHINE registry hive.
(See: KB895971 at http://support.microsoft.com/?kbid=895971).
3) .NET prefers the DER format (called .cer)
but may also use the .p12 format.
4) From the Microsoft .NET documentation,
I have found support only for certificate authentication
through ASP.NET/IIS-hosting - In MS .NET v1.1.
5) There is some support for SSL in Mono,
and I have succeeded in installing certificates in Mono through certmgr
(but I may have done it wrong. No real test yet).
What I wonder is whether this approach is going to work with .NET Remoting
and with different Win32 MS .NET clients calling a Linux Mono server?
Do I have to customize any part of the SSL handshake?
On the remote objects' methods, I would like to have
access checks on the users' .NET Roles.
Is it possible to impersonate the principal and add .NET Roles
to that principal when the remote objects are hosted in
a Console application or a Windows service (in Linux / Mono)?
Further, I am not really sure about how to set up the certificates
on the Mono server for SSL.
I assume that the certificates should be placed in the machine store.
I have the certificates in DER (.cer) format.
Should the CA certificate be placed in the CA store
or in the Trust store? Anything more to think about?
I assume that the server certificate should be placed
in the Trust store (of the machine store).
I hope this is right.